Chromium: CVE-2025-11460 Use after free in Storage
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11460
CVE-2025-59286 Copilot Spoofing Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59286
CVE-2025-59272 Copilot Spoofing Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59272
CVE-2025-59271 Redis Enterprise Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59271
CVE-2025-59252 M365 Copilot Spoofing Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59252
CVE-2025-55321 Azure Monitor Log Analytics Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55321
CVE-2025-59247 Azure PlayFab Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59247
CVE-2025-59246 Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59246
CVE-2025-59218 Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59218
CVE-2025-0033 AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Microsoft is aware of [AMD-SB-3020 | CVE-2025-0033](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3020.html) disclosed by AMD on October 13, 2025. CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before they are locked, potentially impacting the integrity of SEV-SNP guest memory. This issue does not expose plaintext data or secrets and requires privileged control of the hypervisor to exploit. Across Azure Confidential Computing products, multiple security guardrails are in place to prevent host compromise, combining isolation, integrity verification and continuous monitoring. All host operations follow audited and approved management pathways, with administrative access strictly controlled, limited and logged. Together, these protections reduce the risk of host compromise or unauthorized memory manipulation, helping ensure that confidential workloads and customer VMs maintain their confidentiality and integrity on Azure hosts.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0033
CVE-2025-58724 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Affected software updated with new package information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58724
CVE-2025-0033 AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Corrected security updates table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0033
CVE-2025-59227 Microsoft Office Remote Code Execution Vulnerability
Updated acknowledgment.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59227
CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability
Updated acknowledgment. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59233
CVE-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability
Updated an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154
CVE-2025-53784 Microsoft Word Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53784
CVE-2025-53740 Microsoft Office Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53740
CVE-2025-53739 Microsoft Excel Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53739
CVE-2025-53738 Microsoft Word Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53738
CVE-2025-53737 Microsoft Excel Remote Code Execution Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53737
CVE-2025-53736 Microsoft Word Information Disclosure Vulnerability
Revised the packages to include Download Center ID for this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53736